<!DOCTYPE html>
<html>
<head>
    

    

    



    <meta charset="utf-8">
    
    
    
    <title>shiro配置相关 | my world | 相信自己，做好自己</title>
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
    
    <meta name="theme-color" content="#3F51B5">
    
    
    <meta name="keywords" content="shiro配置">
    <meta name="description" content="spring-shiro.xml配置文件配置方式shiro的默认Filterp配置123456789101112131415161718192021222324252627&amp;lt;bean id=&amp;quot;shiroFilter&amp;quot; class=&amp;quot;org.apache.shiro.spring.web.ShiroFilterFactoryBean&amp;quot;&amp;gt;	&amp;lt;p">
<meta property="og:type" content="article">
<meta property="og:title" content="shiro配置相关">
<meta property="og:url" content="http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/index.html">
<meta property="og:site_name" content="my world">
<meta property="og:description" content="spring-shiro.xml配置文件配置方式shiro的默认Filterp配置123456789101112131415161718192021222324252627&amp;lt;bean id=&amp;quot;shiroFilter&amp;quot; class=&amp;quot;org.apache.shiro.spring.web.ShiroFilterFactoryBean&amp;quot;&amp;gt;	&amp;lt;p">
<meta property="og:updated_time" content="2017-02-20T08:34:37.609Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="shiro配置相关">
<meta name="twitter:description" content="spring-shiro.xml配置文件配置方式shiro的默认Filterp配置123456789101112131415161718192021222324252627&amp;lt;bean id=&amp;quot;shiroFilter&amp;quot; class=&amp;quot;org.apache.shiro.spring.web.ShiroFilterFactoryBean&amp;quot;&amp;gt;	&amp;lt;p">
    
        <link rel="alternative" href="/atom.xml" title="my world" type="application/atom+xml">
    
    <link rel="shortcut icon" href="/myblog/favicon.ico">
    <link rel="stylesheet" href="/myblog/css/style.css?v=1.4.3">
    <script>window.lazyScripts=[]</script>
</head>

<body>
    <div id="loading" class="active"></div>

    <aside id="menu" class="hide" >
  <div class="inner flex-row-vertical">
    <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light" id="menu-off">
        <i class="icon icon-lg icon-close"></i>
    </a>
    <div class="brand-wrap">
      <div class="brand">
        <a href="/myblog/" class="avatar waves-effect waves-circle waves-light">
          <img src="/myblog/img/head.jpg">
        </a>
        <hgroup class="introduce">
          <h5 class="nickname">李宁</h5>
          <a href="mailto:13521596672@163.com" title="13521596672@163.com" class="mail">13521596672@163.com</a>
        </hgroup>
      </div>
    </div>
    <div class="scroll-wrap flex-col">
      <ul class="nav">
        
            <li class="waves-block waves-effect">
              <a href="/myblog/"  >
                <i class="icon icon-lg icon-home"></i>
                主页
              </a>
            </li>
        
            <li class="waves-block waves-effect">
              <a href="/myblog/archives"  >
                <i class="icon icon-lg icon-archives"></i>
                归档
              </a>
            </li>
        
            <li class="waves-block waves-effect">
              <a href="/myblog/tags"  >
                <i class="icon icon-lg icon-tags"></i>
                标签
              </a>
            </li>
        
            <li class="waves-block waves-effect">
              <a href="https://git.oschina.net/lndream" target="_blank" >
                <i class="icon icon-lg icon-git"></i>
                git
              </a>
            </li>
        
            <li class="waves-block waves-effect">
              <a href="http://weibo.com/lndream" target="_blank" >
                <i class="icon icon-lg icon-weibo"></i>
                微博
              </a>
            </li>
        
            <li class="waves-block waves-effect">
              <a href="/myblog/404.html"  >
                <i class="icon icon-lg icon-link"></i>
                404页面测试
              </a>
            </li>
        
      </ul>
    </div>
  </div>
</aside>

    <main id="main">
        <header class="top-header" id="header">
    <div class="flex-row">
        <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light on" id="menu-toggle">
          <i class="icon icon-lg icon-navicon"></i>
        </a>
        <div class="flex-col header-title ellipsis">shiro配置相关</div>
        
        <div class="search-wrap" id="search-wrap">
            <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light" id="back">
                <i class="icon icon-lg icon-chevron-left"></i>
            </a>
            <input type="text" id="key" class="search-input" autocomplete="off" placeholder="输入感兴趣的关键字">
            <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light" id="search">
                <i class="icon icon-lg icon-search"></i>
            </a>
        </div>
        
        
        <a href="javascript:;" class="header-icon waves-effect waves-circle waves-light" id="menuShare">
            <i class="icon icon-lg icon-share-alt"></i>
        </a>
        
    </div>
</header>
<header class="content-header post-header">

    <div class="container fade-scale">
        <h1 class="title">shiro配置相关</h1>
        <h5 class="subtitle">
            
                <time datetime="2017-02-19T16:00:00.000Z" itemprop="datePublished" class="page-time">
  2017-02-20
</time>


	<ul class="article-category-list"><li class="article-category-list-item"><a class="article-category-list-link" href="/myblog/categories/shiro/">shiro</a></li></ul>

            
        </h5>
    </div>

    

</header>


<div class="container body-wrap">
    
    <aside class="post-widget">
        <nav class="post-toc-wrap" id="post-toc">
            <h4>TOC</h4>
            <ol class="post-toc"><li class="post-toc-item post-toc-level-1"><a class="post-toc-link" href="#spring-shiro-xml配置文件配置方式"><span class="post-toc-number">1.</span> <span class="post-toc-text">spring-shiro.xml配置文件配置方式</span></a><ol class="post-toc-child"><li class="post-toc-item post-toc-level-2"><a class="post-toc-link" href="#shiro的默认Filterp配置"><span class="post-toc-number">1.1.</span> <span class="post-toc-text">shiro的默认Filterp配置</span></a></li><li class="post-toc-item post-toc-level-2"><a class="post-toc-link" href="#shiro的自定义Filter配置"><span class="post-toc-number">1.2.</span> <span class="post-toc-text">shiro的自定义Filter配置</span></a><ol class="post-toc-child"><li class="post-toc-item post-toc-level-3"><a class="post-toc-link" href="#1-简单配置方式"><span class="post-toc-number">1.2.1.</span> <span class="post-toc-text">1.简单配置方式</span></a></li><li class="post-toc-item post-toc-level-3"><a class="post-toc-link" href="#2-带参数配置方式"><span class="post-toc-number">1.2.2.</span> <span class="post-toc-text">2.带参数配置方式</span></a></li><li class="post-toc-item post-toc-level-3"><a class="post-toc-link" href="#3-多个Shiro-Filter配置方式"><span class="post-toc-number">1.2.3.</span> <span class="post-toc-text">3.多个Shiro Filter配置方式</span></a></li><li class="post-toc-item post-toc-level-3"><a class="post-toc-link" href="#4-Shiro-Filter的执行顺序"><span class="post-toc-number">1.2.4.</span> <span class="post-toc-text">4.Shiro Filter的执行顺序</span></a></li><li class="post-toc-item post-toc-level-3"><a class="post-toc-link" href="#5-通配（模糊匹配）"><span class="post-toc-number">1.2.5.</span> <span class="post-toc-text">5.通配（模糊匹配）</span></a></li></ol></li></ol></li></ol>
        </nav>
    </aside>
    
<article id="post-shiro介绍"
  class="post-article article-type-post fade" itemprop="blogPost">

    <div class="post-card">
        <h1 class="post-card-title">shiro配置相关</h1>
        <div class="post-meta">
            <time class="post-time" title="2017年02月20日 0:00" datetime="2017-02-19T16:00:00.000Z"  itemprop="datePublished">2017-02-20</time>

            
	<ul class="article-category-list"><li class="article-category-list-item"><a class="article-category-list-link" href="/myblog/categories/shiro/">shiro</a></li></ul>



            
<span id="busuanzi_container_page_pv" title="文章总阅读量" style='display:none'>
    <i class="icon icon-eye icon-pr"></i><span id="busuanzi_value_page_pv"></span>
</span>


            

        </div>
        <div class="post-content" id="post-content" itemprop="postContent">
            <h1 id="spring-shiro-xml配置文件配置方式"><a href="#spring-shiro-xml配置文件配置方式" class="headerlink" title="spring-shiro.xml配置文件配置方式"></a>spring-shiro.xml配置文件配置方式</h1><h2 id="shiro的默认Filterp配置"><a href="#shiro的默认Filterp配置" class="headerlink" title="shiro的默认Filterp配置"></a>shiro的默认Filterp配置</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div></pre></td><td class="code"><pre><div class="line">&lt;bean id=&quot;shiroFilter&quot; class=&quot;org.apache.shiro.spring.web.ShiroFilterFactoryBean&quot;&gt;</div><div class="line">	&lt;property name=&quot;securityManager&quot; ref=&quot;securityManager&quot; /&gt;</div><div class="line">	&lt;property name=&quot;loginUrl&quot; value=&quot;/u/login.shtml&quot; /&gt;</div><div class="line">	&lt;property name=&quot;successUrl&quot; value=&quot;/&quot; /&gt;</div><div class="line">	&lt;property name=&quot;unauthorizedUrl&quot; value=&quot;/?login&quot; /&gt;</div><div class="line">	</div><div class="line">	&lt;!--	基本系统级别权限配置--&gt;</div><div class="line">	&lt;property name=&quot;filterChainDefinitions&quot; &gt;</div><div class="line">		&lt;value&gt;</div><div class="line">			/page/login.jsp = anon	&lt;!-- 登录相关不拦截 --&gt;</div><div class="line">			/page/register/* = anon</div><div class="line">			/page/index.jsp = authc</div><div class="line">			/page/addItem* = authc,roles[数据管理员]</div><div class="line">			/page/file* = authc,roleOR[普通用户,数据管理员]</div><div class="line">			/page/listItems* = authc,roleOR[数据管理员,普通用户]</div><div class="line">			/page/showItem* = authc,roleOR[数据管理员,普通用户]</div><div class="line">			/page/updateItem*=authc,roles[数据管理员]</div><div class="line">			/** = anon &lt;!-- 其他不拦截 --&gt;</div><div class="line">           &lt;/value&gt;</div><div class="line">	&lt;/property&gt;</div><div class="line">	&lt;!-- 自定义shiro 的 Filter --&gt;</div><div class="line">      &lt;property name=&quot;filters&quot;&gt;</div><div class="line">          &lt;util:map&gt;</div><div class="line">             &lt;entry key=&quot;login&quot; value-ref=&quot;login&quot;&gt;&lt;/entry&gt;</div><div class="line">          &lt;/util:map&gt;</div><div class="line">      &lt;/property&gt;</div><div class="line">&lt;/bean&gt;</div></pre></td></tr></table></figure>
<ul>
<li>其中，filterChainDefinitions的配置顺序为自上而下,以最上面的为准</li>
<li>当运行一个Web应用程序时,Shiro将会创建一些有用的默认Filter实例<blockquote>
<p>自动地可用的默认的Filter实例是被DefaultFilter枚举类定义的,枚举的名称字段就是可供配置的名称,如下：</p>
</blockquote>
</li>
</ul>
<ul>
<li>@see   anon—————org.apache.shiro.web.filter.authc.AnonymousFilter <ul>
<li>@see   authc————–org.apache.shiro.web.filter.authc.FormAuthenticationFilter </li>
<li>@see   authcBasic———org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter </li>
<li>@see   logout————-org.apache.shiro.web.filter.authc.LogoutFilter </li>
<li>@see   noSessionCreation–org.apache.shiro.web.filter.session.NoSessionCreationFilter </li>
<li>@see   perms————–org.apache.shiro.web.filter.authz.PermissionAuthorizationFilter </li>
<li>@see   port—————org.apache.shiro.web.filter.authz.PortFilter </li>
<li>@see   rest—————org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter </li>
<li>@see   roles————–org.apache.shiro.web.filter.authz.RolesAuthorizationFilter </li>
<li>@see   ssl—————-org.apache.shiro.web.filter.authz.SslFilter </li>
<li>@see   user—————org.apache.shiro.web.filter.authz.UserFilter <figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div></pre></td><td class="code"><pre><div class="line">anon:例子/admins/**=anon 没有参数，表示可以匿名使用。</div><div class="line"></div><div class="line">authc:例如/admins/user/**=authc表示需要认证(登录)才能使用，没有参数</div><div class="line"></div><div class="line">roles：例子/admins/user/**=roles[admin],参数可以写多个，多个时必须加上引号，并且参数之间用逗号分割，当有多个参数时，例如admins/user/**=roles[&quot;admin,guest&quot;],每个参数通过才算通过，相当于hasAllRoles()方法。</div><div class="line"></div><div class="line">perms：例子/admins/user/**=perms[user:add:*],参数可以写多个，多个时必须加上引号，并且参数之间用逗号分割，例如/admins/user/**=perms[&quot;user:add:*,user:modify:*&quot;]，当有多个参数时必须每个参数都通过才通过，想当于isPermitedAll()方法。</div><div class="line"></div><div class="line">rest：例子/admins/user/**=rest[user],根据请求的方法，相当于/admins/user/**=perms[user:method] ,其中method为post，get，delete等。</div><div class="line"></div><div class="line">port：例子/admins/user/**=port[8081],当请求的url的端口不是8081是跳转到schemal://serverName:8081?queryString,其中schmal是协议http或https等，serverName是你访问的host,8081是url配置里port的端口，queryString是你访问的url里的？后面的参数。</div><div class="line"></div><div class="line">authcBasic：例如/admins/user/**=authcBasic没有参数表示httpBasic认证</div><div class="line"></div><div class="line">ssl:例子/admins/user/**=ssl没有参数，表示安全的url请求，协议为https</div><div class="line"></div><div class="line">user:例如/admins/user/**=user没有参数表示必须存在用户，当登入操作时不做检查</div></pre></td></tr></table></figure>
</li>
</ul>
</li>
</ul>
<blockquote>
<p>anon,authc,authcBasic,user是第一组认证过滤器，perms,port,rest,roles,ssl是第二组授权过滤器 。</p>
<blockquote>
<p><strong><code>注意</code></strong>  user和authc不同：当应用开启了rememberMe时,用户下次访问时可以是一个user,但绝不会是authc,因为authc是需要重新认证的。user表示用户不一定已通过认证,只要曾被Shiro记住过登录状态的用户就可以正常发起请求,比如rememberMe。说白了,以前的一个用户登录时开启了rememberMe,然后他关闭浏览器,下次再访问时他就是一个user,而不会authc</p>
</blockquote>
</blockquote>
<h2 id="shiro的自定义Filter配置"><a href="#shiro的自定义Filter配置" class="headerlink" title="shiro的自定义Filter配置"></a>shiro的自定义Filter配置</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div></pre></td><td class="code"><pre><div class="line">&lt;!-- 自定义Filter bean--&gt;</div><div class="line">&lt;!--其中class类是自定义类--&gt;</div><div class="line">&lt;bean id=&quot;login&quot; class=&quot;com.sojson.core.shiro.filter.LoginFilter&quot;&gt;</div><div class="line">	&lt;property name=&quot;customShiroSessionDAO&quot; ref=&quot;customShiroSessionDAO&quot;/&gt;</div><div class="line">&lt;/bean&gt;</div><div class="line">&lt;bean id=&quot;role&quot; class=&quot;com.sojson.core.shiro.filter.RoleFilter&quot;/&gt;</div><div class="line">&lt;bean id=&quot;permission&quot; class=&quot;com.sojson.core.shiro.filter.PermissionFilter&quot;/&gt;</div><div class="line">&lt;bean id=&quot;simple&quot; class=&quot;com.sojson.core.shiro.filter.SimpleAuthFilter&quot;/&gt;</div></pre></td></tr></table></figure>
<p><strong>定义<code>Shiro Filter Bean</code>  对应关系</strong><br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div></pre></td><td class="code"><pre><div class="line">&lt;bean id=&quot;shiroFilter&quot; class=&quot;org.apache.shiro.spring.web.ShiroFilterFactoryBean&quot;&gt;</div><div class="line">     &lt;!-- 省略配置，参考上面的代码 --&gt;</div><div class="line">     &lt;!-- 自定义shiro 的 Filter --&gt;</div><div class="line">     &lt;property name=&quot;filters&quot;&gt;</div><div class="line">         &lt;util:map&gt;</div><div class="line">             &lt;!--  key 定义 Filter的别名，而 value-ref 对应上面bean的id --&gt;</div><div class="line">             &lt;entry key=&quot;login&quot; value-ref=&quot;login&quot;&gt;&lt;/entry&gt;</div><div class="line">             &lt;entry key=&quot;role&quot; value-ref=&quot;role&quot;&gt;&lt;/entry&gt;</div><div class="line">             &lt;entry key=&quot;simple&quot; value-ref=&quot;simple&quot;&gt;&lt;/entry&gt;</div><div class="line">             &lt;entry key=&quot;permission&quot; value-ref=&quot;permission&quot;&gt;&lt;/entry&gt;</div><div class="line">             &lt;entry key=&quot;kickout&quot; value-ref=&quot;kickoutSessionFilter&quot;&gt;&lt;/entry&gt;</div><div class="line">          &lt;/util:map&gt;</div><div class="line">      &lt;/property&gt;</div><div class="line">&lt;/bean&gt;</div></pre></td></tr></table></figure></p>
<h3 id="1-简单配置方式"><a href="#1-简单配置方式" class="headerlink" title="1.简单配置方式"></a>1.简单配置方式</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">/admin/ask/editor.shtml = role</div></pre></td></tr></table></figure>
<p>上面的配置意义： 就是在请求<code>/admin/ask/editor.shtml</code> 链接时候进入别名为 <code>role</code> 的Shiro Filter</p>
<h3 id="2-带参数配置方式"><a href="#2-带参数配置方式" class="headerlink" title="2.带参数配置方式"></a>2.带参数配置方式</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">/admin/ask/editor.jsp = role[2008,2009]</div></pre></td></tr></table></figure>
<p>上面配置的意义：就是在请求<code>/admin/ask/editor.jsp</code> 链接时候进入别名为 <code>role</code> 的Shiro Filter ，并且参数为数组<code>[2008,2009]</code> ，这里参数的意思是角色编号.</p>
<blockquote>
<p><strong><code>如何取到</code>[2008,2009]<code>的值，如下：</code></strong><br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div><div class="line">69</div></pre></td><td class="code"><pre><div class="line">package com.sojson.core.shiro.filter;</div><div class="line"></div><div class="line">import javax.servlet.ServletRequest;</div><div class="line">import javax.servlet.ServletResponse;</div><div class="line">import javax.servlet.http.HttpServletResponse;</div><div class="line"></div><div class="line">import org.apache.shiro.subject.Subject;</div><div class="line">import org.apache.shiro.util.StringUtils;</div><div class="line">import org.apache.shiro.web.filter.AccessControlFilter;</div><div class="line">import org.apache.shiro.web.util.WebUtils;</div><div class="line">/**</div><div class="line"> * </div><div class="line"> * 开发公司：SOJSON在线工具 &lt;p&gt;</div><div class="line"> * 版权所有：© www.sojson.com&lt;p&gt;</div><div class="line"> * 博客地址：http://www.sojson.com/blog/  &lt;p&gt;</div><div class="line"> * &lt;p&gt;</div><div class="line"> * </div><div class="line"> * 角色判断校验</div><div class="line"> * </div><div class="line"> * &lt;p&gt;</div><div class="line"> * </div><div class="line"> * 区分　责任人　日期　　　　说明&lt;br/&gt;</div><div class="line"> * 创建　周柏成　2016年6月2日 　&lt;br/&gt;</div><div class="line"> *</div><div class="line"> * @author zhou-baicheng</div><div class="line"> * @email  so@sojson.com</div><div class="line"> * @version 1.0,2016年6月2日 &lt;br/&gt;</div><div class="line"> * </div><div class="line"> */</div><div class="line">public class RoleFilter extends AccessControlFilter &#123;</div><div class="line"></div><div class="line">	static final String LOGIN_URL = &quot;http://www.sojson.com/user/open/toLogin.shtml&quot;;</div><div class="line">	static final String UNAUTHORIZED_URL = &quot;http://www.sojson.com/unauthorized.html&quot;;</div><div class="line">	</div><div class="line">	@Override</div><div class="line">	protected boolean isAccessAllowed(ServletRequest request,</div><div class="line">			ServletResponse response, Object mappedValue) throws Exception &#123;</div><div class="line">		//取到参数[2008,2009] ，强制转换判断。</div><div class="line">		String[] arra = (String[])mappedValue;</div><div class="line">		</div><div class="line">		Subject subject = getSubject(request, response);</div><div class="line">		for (String role : arra) &#123;</div><div class="line">			//判断是否有拥有当前权限，有则返回true</div><div class="line">			if(subject.hasRole(&quot;role:&quot; + role))&#123;</div><div class="line">				return true;</div><div class="line">			&#125;</div><div class="line">		&#125;</div><div class="line">		return false;</div><div class="line">	&#125;</div><div class="line"></div><div class="line">	@Override</div><div class="line">	protected boolean onAccessDenied(ServletRequest request,</div><div class="line">			ServletResponse response) throws Exception &#123;</div><div class="line">		</div><div class="line">			Subject subject = getSubject(request, response);  </div><div class="line">	        if (subject.getPrincipal() == null) &#123;//表示没有登录，重定向到登录页面  </div><div class="line">	            saveRequest(request);  </div><div class="line">	            WebUtils.issueRedirect(request, response, LOGIN_URL);  </div><div class="line">	        &#125; else &#123;  </div><div class="line">	            if (StringUtils.hasText(UNAUTHORIZED_URL)) &#123;//如果有未授权页面跳转过去  </div><div class="line">	                WebUtils.issueRedirect(request, response, UNAUTHORIZED_URL);  </div><div class="line">	            &#125; else &#123;//否则返回401未授权状态码  </div><div class="line">	                WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);  </div><div class="line">	            &#125;  </div><div class="line">	        &#125;  </div><div class="line">		return false;</div><div class="line">	&#125;</div><div class="line"></div><div class="line">&#125;</div></pre></td></tr></table></figure></p>
</blockquote>
<h3 id="3-多个Shiro-Filter配置方式"><a href="#3-多个Shiro-Filter配置方式" class="headerlink" title="3.多个Shiro Filter配置方式"></a>3.多个Shiro Filter配置方式</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">/admin/ask/editor.html = login,role[2008,2009]</div></pre></td></tr></table></figure>
<p>上面配置意义： 就是在请求<code>/admin/ask/editor.html</code> 链接时候先进入 别名为 <code>login</code>的Filter ，并且无参数。别名为<code>login</code> 的Filter 如果没通过，就不会走别名为<code>role</code> 的Filter ，如果别名为<code>login</code> 的Filter 返回true ，则进入别名为<code>role</code> 的Filter 。也就是从前到后.</p>
<h3 id="4-Shiro-Filter的执行顺序"><a href="#4-Shiro-Filter的执行顺序" class="headerlink" title="4.Shiro Filter的执行顺序"></a>4.Shiro Filter的执行顺序</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">/admin/ask/editor.shtml = login,role[2008,2009]</div><div class="line">/admin/ask/** = login,role[007]</div></pre></td></tr></table></figure>
<p>上面配置意义:如果来了一个链接为“<code>/admin/ask/update.shtml</code> ” ，先对比 <code>/admin/ask/editor.shtml</code> 是否匹配，如果匹配不中再走下面的通配<code>/admin/ask/**</code> 匹配中了后，再执行<code>login</code> Filter ，然后通过<code>login</code> Filter 后再执行 <code>role</code>[007] Filter 。</p>
<h3 id="5-通配（模糊匹配）"><a href="#5-通配（模糊匹配）" class="headerlink" title="5.通配（模糊匹配）"></a>5.通配（模糊匹配）</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">/admin/ask/** = login,role[007]</div><div class="line">/admin/** = login,role[008]</div><div class="line">/** = login</div></pre></td></tr></table></figure>
<p>上面配置意义:上面是一个典型的金字塔式匹配方式，<code>/**</code> 是匹配所有，也就是如果上面的<code>/admin/ask/**</code> 和<code>/admin/**</code> 都匹配不中的时候，才走<code>/** = login</code></p>

        </div>

        <blockquote class="post-copyright">
    <div class="content">
        
<span class="post-time">
    最后更新时间：<time datetime="2017-02-20T08:34:37.609Z" itemprop="dateUpdated">2017年2月20日 16:34</time>
</span><br>


        如要转载请注明出处：<a href="/myblog/2017/02/20/shiro介绍/" target="_blank" rel="external">http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/</a>
    </div>
    <footer>
        <a href="http://lndream.oschina.io/myblog">
            <img src="/myblog/img/head.jpg" alt="李宁">
            李宁
        </a>
    </footer>
</blockquote>

        
<div class="page-reward">
    <a id="rewardBtn" href="javascript:;" class="page-reward-btn waves-effect waves-circle waves-light">赏</a>
</div>



        <div class="post-footer">
            
	<ul class="article-tag-list"><li class="article-tag-list-item"><a class="article-tag-list-link" href="/myblog/tags/shiro配置/">shiro配置</a></li></ul>


            
<div class="page-share-wrap">
    

<div class="page-share" id="pageShare">
    <ul class="reset share-icons">
      <li>
        <a class="weibo share-sns" target="_blank" href="http://service.weibo.com/share/share.php?url=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/&title=《shiro配置相关》 — my world&pic=http://lndream.oschina.io/myblog/img/head.jpg" data-title="微博">
          <i class="icon icon-weibo"></i>
        </a>
      </li>
      <li>
        <a class="weixin share-sns wxFab" href="javascript:;" data-title="微信">
          <i class="icon icon-weixin"></i>
        </a>
      </li>
      <li>
        <a class="qq share-sns" target="_blank" href="http://connect.qq.com/widget/shareqq/index.html?url=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/&title=《shiro配置相关》 — my world&source=" data-title=" QQ">
          <i class="icon icon-qq"></i>
        </a>
      </li>
      <li>
        <a class="facebook share-sns" target="_blank" href="https://www.facebook.com/sharer/sharer.php?u=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/" data-title=" Facebook">
          <i class="icon icon-facebook"></i>
        </a>
      </li>
      <li>
        <a class="twitter share-sns" target="_blank" href="https://twitter.com/intent/tweet?text=《shiro配置相关》 — my world&url=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/&via=http://lndream.oschina.io/myblog" data-title=" Twitter">
          <i class="icon icon-twitter"></i>
        </a>
      </li>
      <li>
        <a class="google share-sns" target="_blank" href="https://plus.google.com/share?url=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/" data-title=" Google+">
          <i class="icon icon-google-plus"></i>
        </a>
      </li>
    </ul>
 </div>



    <a href="javascript:;" id="shareFab" class="page-share-fab waves-effect waves-circle">
        <i class="icon icon-share-alt icon-lg"></i>
    </a>
</div>



        </div>
    </div>

    
<nav class="post-nav flex-row flex-justify-between flex-row-reverse">
  

  
    <div class="waves-block waves-effect next">
      <a href="/myblog/2017/02/08/线程安全之SimpleDateFormat/" id="post-next" class="post-nav-link">
        <div class="tips">Next <i class="icon icon-angle-right icon-lg icon-pl"></i></div>
        <h4 class="title">线程安全</h4>
      </a>
    </div>
  
</nav>



    







</article>

<div id="reward" class="page-modal reward-lay">
    <a class="close" href="javascript:;"><i class="icon icon-close"></i></a>
    <h3 class="reward-title">
        <i class="icon icon-quote-left"></i>
        我只要一角钱~ ~
        <i class="icon icon-quote-right"></i>
    </h3>
    <ul class="reward-items">
        
        <li>
            <img src="/myblog/img/wechat.png" title="微信打赏二维码" alt="微信打赏二维码">
            <p>微信</p>
        </li>
        

        
        <li>
            <img src="/myblog/img/alipay.jpg" title="支付宝打赏二维码" alt="支付宝打赏二维码">
            <p>支付宝</p>
        </li>
        
    </ul>
</div>



</div>

        <footer class="footer">
    <div class="top">
        
<p>
    <span id="busuanzi_container_site_uv" style='display:none'>
        站点总访客数：<span id="busuanzi_value_site_uv"></span>
    </span>
    <span id="busuanzi_container_site_pv" style='display:none'>
        站点总访问量：<span id="busuanzi_value_site_pv"></span>
    </span>
</p>


        <p>
            <span><a href="/atom.xml" target="_blank" class="rss" title="rss"><i class="icon icon-lg icon-rss"></i></a></span>
            <span>博客内容遵循 <a href="http://creativecommons.org/licenses/by-nc-sa/4.0/" target="_blank">知识共享 署名 - 非商业性 - 相同方式共享 4.0协议</a></span>
        </p>
    </div>
    <div class="bottom">
        <p>
            <span>Power by <a href="http://hexo.io/" target="_blank">Hexo</a> Theme <a href="https://git.oschina.net/lndream" target="_blank">李宁</a></span>
            <span>my world &copy; 2017</span>
        </p>
    </div>
</footer>

    </main>
    <div class="mask" id="mask"></div>
<a href="javascript:;" id="gotop" class="waves-effect waves-circle waves-light"><span class="icon icon-lg icon-chevron-up"></span></a>



<div class="global-share" id="globalShare">
    <ul class="reset share-icons">
      <li>
        <a class="weibo share-sns" target="_blank" href="http://service.weibo.com/share/share.php?url=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/&title=《shiro配置相关》 — my world&pic=http://lndream.oschina.io/myblog/img/head.jpg" data-title="微博">
          <i class="icon icon-weibo"></i>
        </a>
      </li>
      <li>
        <a class="weixin share-sns wxFab" href="javascript:;" data-title="微信">
          <i class="icon icon-weixin"></i>
        </a>
      </li>
      <li>
        <a class="qq share-sns" target="_blank" href="http://connect.qq.com/widget/shareqq/index.html?url=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/&title=《shiro配置相关》 — my world&source=" data-title=" QQ">
          <i class="icon icon-qq"></i>
        </a>
      </li>
      <li>
        <a class="facebook share-sns" target="_blank" href="https://www.facebook.com/sharer/sharer.php?u=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/" data-title=" Facebook">
          <i class="icon icon-facebook"></i>
        </a>
      </li>
      <li>
        <a class="twitter share-sns" target="_blank" href="https://twitter.com/intent/tweet?text=《shiro配置相关》 — my world&url=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/&via=http://lndream.oschina.io/myblog" data-title=" Twitter">
          <i class="icon icon-twitter"></i>
        </a>
      </li>
      <li>
        <a class="google share-sns" target="_blank" href="https://plus.google.com/share?url=http://lndream.oschina.io/myblog/2017/02/20/shiro介绍/" data-title=" Google+">
          <i class="icon icon-google-plus"></i>
        </a>
      </li>
    </ul>
 </div>


<div class="page-modal wx-share" id="wxShare">
    <a class="close" href="javascript:;"><i class="icon icon-close"></i></a>
    <p>扫一扫，分享到微信</p>
    <img src="" alt="微信分享二维码">
</div>




    <script src="//cdn.bootcss.com/node-waves/0.7.4/waves.min.js"></script>
<script>
var BLOG = { ROOT: '/myblog/', SHARE: true, REWARD: true };



lazyScripts.push('//s95.cnzz.com/z_stat.php?id=1261081671&web_id=1261081671')

</script>

<script src="/myblog/js/main.min.js?v=1.4.3"></script>


<div class="search-panel" id="search-panel">
    <ul class="search-result" id="search-result"></ul>
</div>
<template id="search-tpl">
<li class="item">
    <a href="{path}" class="waves-block waves-effect">
        <div class="title ellipsis" title="{title}">{title}</div>
        <div class="flex-row flex-middle">
            <div class="tags ellipsis">
                {tags}
            </div>
            <time class="flex-col time">{date}</time>
        </div>
    </a>
</li>
</template>

<script src="/myblog/js/search.min.js?v=1.4.3" async></script>






<script async src="//dn-lbstatics.qbox.me/busuanzi/2.3/busuanzi.pure.mini.js"></script>


</body>
</html>
